MediaWiki  master
ApiQueryTokens.php
1 <?php
28 
36 
37      public function execute() {
38          $params = $this->extractRequestParams();
39          $res = [
40              ApiResult::META_TYPE => 'assoc',
41          ];
42
43          if ( $this->lacksSameOriginSecurity() ) {
44              $this->addWarning( [ 'apiwarn-tokens-origin' ] );
45              return;
46          }
47
48          $user = $this->getUser();
49          $session = $this->getRequest()->getSession();
50          $salts = self::getTokenTypeSalts();
51          foreach ( $params['type'] as $type ) {
52              $res[$type . 'token'] = self::getToken( $user, $session, $salts[$type] )->toString();
53          }
54
55          $this->getResult()->addValue( 'query', $this->getModuleName(), $res );
56      }
57
66      public static function getTokenTypeSalts() {
67          static $salts = null;
68          if ( !$salts ) {
69              $salts = [
70                  'csrf' => '',
71                  'watch' => 'watch',
72                  'patrol' => 'patrol',
73                  'rollback' => 'rollback',
74                  'userrights' => 'userrights',
75                  'login' => [ '', 'login' ],
76                  'createaccount' => [ '', 'createaccount' ],
77              ];
78              $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
81              ksort( $salts );
82          }
83
84          return $salts;
85      }
86
99      public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
100          if ( is_array( $salt ) ) {
101              $session->persist();
102              return $session->getToken( ...$salt );
103          } else {
104              return $user->getEditTokenObject( $salt, $session->getRequest() );
105          }
106      }
107
108      public function getAllowedParams() {
109          return [
110              'type' => [
111                  ApiBase::PARAM_DFLT => 'csrf',
112                  ApiBase::PARAM_ISMULTI => true,
113                  ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
114                  ApiBase::PARAM_ALL => true,
115              ],
116          ];
117      }
118
119      protected function getExamplesMessages() {
120          return [
121              'action=query&meta=tokens'
122                  => 'apihelp-query+tokens-example-simple',
123              'action=query&meta=tokens&type=watch|patrol'
124                  => 'apihelp-query+tokens-example-types',
125          ];
126      }
127
128      public function isReadMode() {
129          // So login tokens can be fetched on private wikis
130          return false;
131      }
132
133      public function getCacheMode( $params ) {
134          return 'private';
135      }
136
137      public function getHelpUrls() {
138          return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
139      }
140 }
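
The onApiQueryTokensRegisterTypes( &$salts ) hook gives handlers the same $salts map that getAllowedParams() turns into the accepted type= values, and it passes that map by reference. The handler below is an added example, not MediaWiki's or any extension's own code; MyExtensionHooks and the 'myext' token type are hypothetical names, and the handler refuses to replace a type that is already registered.

```php
<?php
// Added example: hypothetical extension handler for ApiQueryTokensRegisterTypes.
// "MyExtensionHooks" and the "myext" token type are made-up names.

class MyExtensionHooks {
	/** Token types this extension contributes: type name => salt. */
	private const OWN_TYPES = [
		// String salt: getToken() hands it to $user->getEditTokenObject(),
		// so the result is a salted edit token for the current user.
		// An array salt would instead be spread into $session->getToken(),
		// as the 'login' and 'createaccount' types do.
		'myext' => 'myext',
	];

	/**
	 * @param array &$salts Map of token type => salt, passed by reference
	 */
	public static function onApiQueryTokensRegisterTypes( array &$salts ): void {
		foreach ( self::OWN_TYPES as $type => $salt ) {
			// Because $salts is a reference, a careless handler could replace
			// 'csrf' or 'login'. Fail loudly instead of overwriting.
			if ( array_key_exists( $type, $salts ) ) {
				throw new LogicException( "Token type '$type' is already registered" );
			}
			$salts[$type] = $salt;
		}
	}
}

// Constructed check, using the core salts from lines 69-77 of the listing.
$salts = [
	'csrf' => '', 'watch' => 'watch', 'patrol' => 'patrol',
	'rollback' => 'rollback', 'userrights' => 'userrights',
	'login' => [ '', 'login' ], 'createaccount' => [ '', 'createaccount' ],
];
$core = $salts;
MyExtensionHooks::onApiQueryTokensRegisterTypes( $salts );
ksort( $salts ); // same sort as line 81 of the listing

// Every core entry must survive the handler unchanged.
if ( array_intersect_key( $salts, $core ) != $core ) {
	throw new RuntimeException( 'core token salts were modified' );
}
echo implode( '|', array_keys( $salts ) ), "\n";
```
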
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1354
ApiBase\$hookContainer
HookContainer $hookContainer
Definition: ApiBase.php:60
ApiQueryTokens\getCacheMode
getCacheMode( $params)
Get the cache mode for the data generated by this module.
Definition: ApiQueryTokens.php:133
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:203
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:3161
ApiResult\META_TYPE
const META_TYPE
Key for the 'type' metadata item.
Definition: ApiResult.php:110
ApiBase\PARAM_ALL
const PARAM_ALL
Definition: ApiBase.php:117
ApiBase\PARAM_TYPE
const PARAM_TYPE
Definition: ApiBase.php:81
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:628
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiQueryTokens.php:37
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiQueryTokens.php:108
ContextSource\getRequest
getRequest()
Definition: ContextSource.php:81
ContextSource\getUser
getUser()
Definition: ContextSource.php:136
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition: ApiHookRunner.php:55
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:559
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition: ApiQueryTokens.php:35
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiQueryTokens.php:128
ApiQueryBase
This is a base class for all Query modules.
Definition: ApiQueryBase.php:37
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:66
ApiBase\$hookRunner
ApiHookRunner $hookRunner
Definition: ApiBase.php:63
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiQueryTokens.php:137
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:764
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiQueryTokens.php:119
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:99
ApiBase\PARAM_DFLT
const PARAM_DFLT
Definition: ApiBase.php:73
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:497
ApiBase\PARAM_ISMULTI
const PARAM_ISMULTI
Definition: ApiBase.php:77
MediaWiki\Api\ApiHookRunner\onApiQueryTokensRegisterTypes
onApiQueryTokensRegisterTypes(&$salts)
Use this hook to add additional token types to action=query&meta=tokens.
Definition: ApiHookRunner.php:230
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:67